Coveware by Veeam présente les résultats de son rapport Q2 2025 sur les menaces de ransomwares.

Ces résultats révèlent une nouvelle dynamique dangereuse en matière de ransomwares, avec une augmentation record des attaques d’ingénierie sociale ciblées, faisant passer le montant moyen des rançons versées pour la première fois au-dessus du million de dollars. Des groupes de cybercriminels sophistiqués tels que Scattered Spider, Silent Ransom et Shiny Hunters délaissent les attaques de masse au profit d’attaques ciblées, utilisant l’usurpation d’identité et le vol de données pour extorquer des sommes plus importantes.

Principales conclusions de l’étude :

• Les rançons ont doublé (+104 % pour atteindre 1,13 million de dollars en moyenne), l’exfiltration de données, et non plus seulement le chiffrement, étant désormais la tactique d’extorsion n° 1 (dans 74 % des attaques).
• Les entreprises de taille moyenne et les secteurs critiques (services professionnels, santé et services aux consommateurs) sont désormais visées.
• L’ingénierie sociale et l’erreur humaine sont les nouveaux maillons faibles, contournant les contrôles techniques et exploitant les plateformes populaires.
• Les attaquants s’inscrivent dans une logique de long terme, car les extorsions multiples et les menaces différées maintiennent les organisations en danger même après une violation.

Bill Siegel, PDG de Coveware by Veeam, met en garde : « Les attaquants ne s’intéressent pas seulement aux sauvegardes. Ils s’intéressent désormais aux employés et à la réputation des données des entreprises. La résilience des données et la sensibilisation des employés sont désormais essentielles ».

SEATTLE – August 12, 2025 – Coveware by Veeam^®, the leading authority in ransomware response and cyber extortion trends, today unveiled its Q2 2025 ransomware report, spotlighting a dramatic escalation in targeted social engineering attacks and a surge in ransom payments driven by sophisticated data exfiltration tactics.

“The second quarter of 2025 marks a turning point in ransomware, as targeted social engineering and data exfiltration have become the dominant playbook,” said Bill Siegel, CEO of Coveware by Veeam. “Attackers aren’t just after your backups – they’re after your people, your processes, and your data’s reputation. Organizations must prioritize employee awareness, harden identity controls, and treat data exfiltration as an urgent risk, not an afterthought,”

Coveware by Veeam Reveals Q2 2025 Ransomware Surge: Social Engineering and Data Exfiltration Drive Record Payouts

Spike in Targeted Attacks Highlights Critical Role of Data Resilience in Current Ransomware Landscape

Key Q2 2025 findings from Coveware by Veeam include:

• Social Engineering Drives the Biggest Threats: Three major ransomware groups – Scattered Spider, Silent Ransom, and Shiny Hunters – dominated the quarter, each leveraging highly targeted social engineering to breach organizations across sectors. These groups abandoned mass opportunistic attacks for precision strikes, using novel impersonation tactics against help desks, employees, and third-party service providers.
• Ransom Payments Soar to New Highs: Both the average and median ransom payments rocketed to $1.13 million (+104% from Q1 2025) and $400,000 (+100% from Q1 2025), respectively. This spike is attributed to larger organizations paying out after data exfiltration-only incidents, even as the overall rate of organizations paying ransoms held steady at 26%.
• Data Theft Overtakes Encryption as Primary Extortion Method: Exfiltration was a factor in 74% of all cases, with many campaigns now prioritizing data theft over traditional system encryption. Multi-extortion tactics and delayed threats are on the rise, keeping organizations in the crosshairs long after an initial breach.
• Professional Services, Healthcare, and Consumer Services Hit Hardest: Professional services (19.7%), healthcare (13.7%), and consumer services (13.7%) bore the brunt of attacks. Mid-sized companies (11 – 1,000 employees) comprised 64% of victims, a sweet spot for attackers balancing payout potential against less mature defenses.
• Attack Techniques Evolve, Human Factor Remains Key Vulnerability: Credential compromise, phishing, and exploitation of remote services continue to dominate initial access, with attackers increasingly bypassing technical controls via social engineering. Groups regularly exploit vulnerabilities in widely-used platforms (Ivanti, Fortinet, VMware), and “lone wolf” attacks by seasoned extortionists using generic, unbranded toolkits are on the rise.
• New Entrants Reshape Ransomware Rankings: Q2’s top ransomware variants were Akira (19%), Qilin (13%), and Lone Wolf (9%), while Silent Ransom and Shiny Hunters entered the top five for the first time.

Coveware by Veeam has helped thousands of cyber extortion victims and developed industry leading software and services that enable rapid forensic triage, extortion negotiation and remediation, cryptocurrency settlements and decryption services with a singular goal and outcome – data recovery from ransomware attacks. Through these incidents, Coveware by Veeam has gathered data and insights on threat actor patterns that provide an unrivaled view of the current threat landscape. These valuable findings are shared with customers to help educate and reduce risks, improve security posture, and ensure rapid recovery. Select Coveware by Veeam capabilities are incorporated into Veeam offerings including Veeam Data Platform and the Veeam Cyber Secure Program, delivering the insights and capabilities to a broader set of customers. 

Coveware by Veeam’s quarterly report is based on firsthand data, expert insights and analysis from the ransomware and cyber extortion cases that they manage each quarter. Utilizing real-time incident response, proprietary forensic tools (including Recon Scanner), and comprehensive documentation of threat actor behavior, attack vectors, and negotiation outcomes. By aggregating and analyzing case-specific data – rather than relying on third-party sources – Coveware by Veeam is able to identify emerging trends, track tactics, techniques, and procedures (TTPs), and provide actionable, experience-based intelligence on the rapidly evolving ransomware landscape.

To learn more on this latest report from Coveware by Veeam, read the blog post. For more information on Veeam, visit https://www.veeam.com.

About Veeam Software

Veeam®, the #1 global market leader in data resilience, believes every business should be able to bounce forward after a disruption with the confidence and control of all their data whenever and wherever they need it.​ Veeam calls this radical resilience, and we’re obsessed with creating innovative ways to help our customers achieve it.

Veeam solutions are purpose-built for powering data resilience by providing data backup, data recovery, data portability, data security, and data intelligence. ​With Veeam, IT and security leaders rest easy knowing that their apps and data are protected and always available across their cloud, virtual, physical, SaaS, and Kubernetes environments.

Headquartered in Seattle with offices in more than 30 countries, Veeam protects over 550,000 customers worldwide, including 67% of the Global 2000, that trust Veeam to keep their businesses running. ​Radical resilience starts with Veeam. Learn more at www.veeam.com or follow Veeam on LinkedIn @veeam-software and X @veeam.

For Veeam media inquiries, contact Veeam.PR.Global@veeam.com.